[onre]

Back in late '90s a friend lived in a student dorm which had a then-fast 512 kbps Internet connection. It was heavily firewalled - UDP only to ISP's nameservers, TCP only to ISP's web proxies. ICMP was passed anywhere, though, so he wrote a small program which encapsulated a TCP stream in ICMP "host unreachable" reply packets, IIRC. The other end of the tunnel ran on a machine at the place where he was interning as a junior programmer. Debugging the program was slightly painful because he couldn't obviously be at both ends of the tunnel simultaneously, but he got it to work in a couple of weeks. It wasn't very tolerant of packet loss - IIRC it didn't have any mechanism to resynchronize the connection if there was any, but instead there was some method of reinitializing the connection. Anyway, running SOCKS on top of all this made the ISP-crippled connection usable in a normal manner.

[crypt1d]

Ahh, dorms are often the first place people start experimenting with this kind of stuff :) I remember doing something similar at a friends dorm. They had a filter to only allow HTTP/HTTPS traffic via their proxy, so I used some HTTP tunnel tool to push a VPN connection through it. It was pretty weak but it worked for basic usage. I remember having a real hard time figuring out what was causing VPN connections to drop intermittently. That's how I learned about HTTP keep-alives.